Re: CVEs -> Snort Rules

["Joel Esler (jesler)" <jesler () cisco com>]

You can search for the CVEs in the policy application interface and it will show you the applicable rules, or you can 
search for the CVE on Snort.org<http://snort.org>.

--
Joel Esler
Manager, Talos Group
Sent from my iPhone

On Nov 14, 2015, at 1:01 PM, Nate B. Clark <nateclark () tyndale com<mailto:nateclark () tyndale com>> wrote:

Hi -

In researching specific software vulnerabilities one can easily find CVEs that denote the relevant information.   For 
example, https://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html  provides CVE Numbers: 
CVE-2015-7297, CVE-2015-7857, CVE-2015-7858.

Is there any resource out there (from Cisco/Talos/Sourcefire or otherwise) that has the ability to determine if an 
existing Sort Rule maps to a published CVE?  The ultimate goal would be to ensure the relevant rules are enabled and 
protect against the Joomla vulnerabilities until the software can be properly patched.   We also wish to do the same 
with some specific Oracle CVEs, etc..

We are using Cisco FireSIGHT Management Center.

Thanks,

Nate Clark
Network Administrator
Tyndale House Publishers
351 Executive Dr. Carol Stream, IL 60188

------------------------------------------------------------------------------
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net<mailto:Snort-sigs () lists sourceforge net>
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

------------------------------------------------------------------------------

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!